Summary of offence
The Act imposes strict criminal liability on commercial organisations where an associated person corruptly gives any gratification with the intent to obtain or retain business, or an advantage in the conduct of business, for the commercial organisation.
The scope of the provision is broad. It applies to both Malaysian companies and foreign companies conducting business in Malaysia, with the company’s “associated person” including directors, employees and most third party service providers.
As the offence is a strict liability offence, a company will be liable regardless of whether it had actual knowledge of the corrupt actions of its associated persons. Where a company commits an offence, the directors, officers and management are deemed to have committed the same offence unless they are able to prove that the offence was committed without their consent and that they exercised due diligence to prevent the offence.
The offence comes with a heavy penalty of a fine not less than 10 times the value of the bribe or MYR 1 million (whichever is higher) and/or imprisonment of a term not exceeding 20 years.
‘Adequate’ procedures defence – TRUST guidelines
A company will have a defence if it can prove that it had in place adequate procedures designed to prevent associated persons from committing the corrupt acts.
The Prime Minister’s Department has released guidelines on what will be considered adequate procedures. These guidelines lay down five key principles, using the acronym T.R.U.S.T., and provide some suggestions on how the principles might be applied in practice. Below are some highlights:
Top level commitment
Top level management is expected to set the “tone from the top” that corrupt practices will not be tolerated. They must take responsibility for managing the key corruption risks within the company and ensuring compliance with applicable laws and regulations.
Company management needs to be involved in implementing a robust anti-corruption program and communicating the policies and commitments on anti-corruption to internal and external parties. This may involve the Board of Directors identifying a person or team to assume responsibility for overseeing the program, provided that the results of audits, reviews, control measures and performance are still reported and acted upon by top level management.
Risk assessments should be conducted at regular intervals to identify changes in risks of corruption. Identifying changes will allow the company to tailor its anti-corruption program to ensure it is effective against the particular risks faced.
The guidelines recommend a comprehensive risk assessment is done every three years, with intermittent assessments conducted as necessary. The assessments may include a review of opportunities for corruption and fraud activities, relationships with third parties in the supply chain (e.g. vendors, suppliers) and financial transactions which may disguise corrupt payments.
Undertake Control Measures
The company should put in place appropriate controls and contingency measures to address the identified corruption risks, reasonable and proportionate to the nature and size of the company. These measures should include undertaking due diligence on parties when entering into formal relationships (with ongoing diligence for higher risk parties) and establishing a trusted reporting channel through which internal and external parties can raise concerns.
Companies should ensure they have up-to-date policies and procedures to address the risk, which are endorsed by top level management and easily available. The guidelines list nine areas to be covered, including general anti-bribery and corruption, conflicts of interest and the provision of gifts, entertainment, hospitality and travel. The company should implement a policy and process to deal with the reporting channel (i.e. whistle-blower channel) to ensure it is accessible, trusted and confidential.
Systematic Review, Monitoring and Enforcement
Top level management should regularly review and assess the performance, effectiveness and efficiency of the anti-corruption program and ensure it is enforced. Any shortfalls identified through the review should be used to improve the anti-corruption controls in place.
Companies should set up a monitoring program, with reviews and audits conducted by a competent person or compliance function. A company may consider having an external audit undertaken periodically to provide comfort that it is compliant with its policies and procedures. Where individuals are found not to be in compliance with the program, appropriate disciplinary measures should be implemented.
Training and Communication
The company should ensure its anti-corruption policies, training, reporting channel and consequences of non-compliance are appropriately communicated to all personnel and business associates, and made publicly available if appropriate.
The company should provide its employees and business associates with training adequate to ensure their understanding of the position on anti-corruption.
Regulated companies should also be aware of changes made by the Bursa Malaysia and the Securities Commission to the listing requirements and the Licensing Handbook, which will also take effect on 1 June 2020 (see Link).
Actions to consider
Companies operating in Malaysia should take steps immediately, and in any event before 1 June 2020, to ensure their anti-corruption program complies with the principles set out above.
Such steps should include:
- Reviewing the existing set of anti-corruption policies and procedures. The program should adequately cover the risks to the business and there must be a procedure for escalating issues to top level management. Contact details of the person or function responsible should be checked to ensure they are current in any policy.
- Addressing any gaps in the program. The current environment may give rise to additional anti-corruption risks that need to be addressed. For example, are the organisation’s due diligence procedures effective to deal with risks associated with engaging new or unfamiliar third parties (e.g. changes in the supply chain, managing interactions between agents and third parties)?
- Assessing the training and communications processes. The communication channels and training should be appropriate to ensure all “associated persons” will be aware of the position on anti-corruption and the required policies and procedures. Companies should consider whether to make the policies or codes of conduct available publicly and whether training should be available in other languages or tailored to a specific role.
- Ensuring top level management is actively involved in the program. A key message in the guidelines is that top level management should be – and will be held – responsible for ensuring the anti-corruption program is robust, visible and effective. The processes in place should ensure that top level management is involved in their implementation and aware of any issues that arise.
If you would like clear, practical guidance on designing, establishing and maintaining a robust compliance program, please refer to the Baker McKenzie’s 5 Essential Elements Of Corporate Compliance.
* * * * *
This client alert was issued by Wong & Partners, a member firm of Baker McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “partner” means a person who is a partner or equivalent in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.